Customer data is used throughout the business world, whilst some use is essential for a business to operate, others are non-essential. SM Services will only retain essential data for the purpose of normal business activities. The areas where SM Services requires access to customer data is as follows: –
1/ Quotes & Invoices.
During normal business activities customer contact details will need to be obtained for inclusion on quotations and invoices etc. and the name of whoever is authorised to request the work and verify the satisfactory completion, are key requirements.
2/ Warranties & HMRC.
A record of every job undertaken by SM Services is required for the purpose of verifying earnings to HMRC and as a cross reference in the event of any products or materials supplied by SM Services failing whilst still within manufactures warranty period. The location address, schedule of work, materials supplied / installed etc. are all essential items of data for this purpose.
3/ Product recalls.
Occasionally manufactures have product recalls due to hazards or defects being identified after an item has been installed. (Quality ,control may identify a batch of product that require remedial work. This has been seen in the past with some fuse box protective devices failing prematurely). In these instance’s product recall letters, emails or webpages are typically issued to potential contractors to check work they have undertaken during a certain time period. As such, SM Services keeps all records as accurate as possible to eliminate any potential dangers to any customers as rapidly as possible.
4/ NICEIC Assessments.
As a member of the NICEIC an annual assessment of SM Services has to be carried out. As well as checking; paperwork, certificates, insurance and other admin related issues, site visit(s) are required to assess general standard of workmanship and compliance with BS7671. Records of work undertaken and the person to contact for access are needed in order to arrange these appointments as and when required.
- SM Services makes no other use of any personal data held.
- SM Services never passes on or sells any contact details to any third-party organisation(s).
- SM Services never distributes any unsolicited marketing material, by post or electronically.
- SM Services does not store any customer data on any internet or cloud-based storage applications.
- SM Services does not use any social medial or mobile phone applications for storing customer contact details.
All data used and held by SM Services is managed and controlled by Stuart Mills. Data may be on hard-copy printed sheets or an electronic format (word processor/e-mail/spreadsheet). Any electronic data is stored on private devices that in normal use are not accessible to the general public via the internet.
The basic concepts of GDPR are that personal data will be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
And that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
The above extract and further guidance about data protection can be found at the Gov.uk via the following link. 
gov.uk “guide-to-the-general-data-protection-regulations”
-{page end 20June20}-